Creating External Identity Provider Configurations
Function
This API is used to create configurations for an external identity provider. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.
URI
POST /v1/identity-stores/{identity_store_id}/external-idp
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| identity_store_id | Yes | String | Globally unique ID of an identity source. |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Security-Token | No | String | Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required. |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| idp_saml_metadata | No | String | SAML metadata of an identity provider. Either the SAML settings or the SAML metadata of an identity provider must be configured. |
| idp_certificate | No | String | Identity provider certificate, which is used together with the identity provider's SAML settings. |
| idp_saml_config | No | idp_saml_config object | SAML settings of an identity provider. Either the SAML settings or the SAML metadata of an identity provider must be configured. |
Response Parameters
Status code: 201
| Parameter | Type | Description |
|---|---|---|
| hws_sp_saml_config | SPSAMLConfig object | Service provider configuration. |
| idp_certificate_id | String | Globally unique ID of an identity provider certificate. |
| idp_certificate_ids | Array of strings | List of globally unique IDs of identity provider certificates. |
| idp_id | String | Globally unique ID of an external identity provider. |

| Parameter | Type | Description |
|---|---|---|
| acs_url | String | Assertion consumer service (ACS) URL of the service provider. |
| issuer | String | Service provider issuer. |
| metadata | String | Service provider metadata. |
Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
| request_id | String | Unique ID of a request. |
Status code: 403
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
| request_id | String | Unique ID of a request. |
| encoded_authorization_message | String | Encrypted error message. |
Example Request
Creating configurations for an external identity provider
POST https://{hostname}/v1/identity-stores/{identity_store_id}/external-idp
{
"idp_saml_metadata" : "<?xml version=\"1.0\" encoding=\"utf-8\"?><EntityDescriptor ID=\"_678cd4a8-4915-4e2d-a4ce-6*************cd/saml2\" /></IDPSSODescriptor></EntityDescriptor>"
}
Example Response
Status code: 201
Successful
{
"hws_sp_saml_config" : {
"acs_url" : "https://cn-north-4-signin.huaweicloud.com/v1/platform/saml/acs/xxxxxxx",
"issuer" : "https://cn-north-4.signin.huaweicloud.com/platform/saml/xxxxxx",
"metadata" : "<?xml version=\"1.0\" encoding=\"UTF-8\"?>xxxxxxx</md:EntityDescriptor>"
},
"idp_certificate_id" : "553523a6-ebde-4570-xxxxxxx",
"idp_certificate_ids" : [ "553523a6-ebde-4570-xxxxxxx" ],
"idp_id" : "a48e3f1b-59f8-4b8f-xxxxxxx"
}
Status Codes
| Status Code | Description |
|---|---|
| 201 | Successful. |
| 400 | Bad request. |
| 403 | Forbidden. |
Error Codes
For details, see Error Codes.